VARIoT latest news about IoT security

Cisco IP Phone Software Arbitrary File Read Vulnerability - Cisco Related entries in the VARIoT vulnerabilities database: VAR-202110-0201 Trust: 3.75 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Oct. 6, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	series
vendor:	cisco	model:	wireless ip phone 8821
vendor:	cisco	model:	ip phone 8821
vendor:	cisco	model:	ip phone 7800
vendor:	cisco	model:	ip phone

db:	NVD	ids:	CVE-2021-34711
db:	POSITIVE TECHNOLOGY	ids:	ID:1633536661356243

CVE - CVE-2021-1592 Trust: 5.75 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Jan. 3, 2022, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	ucs manager
vendor:	cisco	model:	cisco systems
vendor:	cisco	model:	cisco ucs manager
vendor:	cisco systems	model:	ucs manager
vendor:	cisco systems	model:	cisco systems
vendor:	cisco systems	model:	cisco ucs manager

db:

NVD

ids:

CVE-2021-1592

Majority of consumer IoT vendors still lack vulnerability disclosure programs - report \| The Daily Swig Trust: 3.75 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Nov. 4, 2021, 3:17 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

trend

model:

security

About the security content of iOS 14.8 and iPadOS 14.8 - Apple Support Related entries in the VARIoT vulnerabilities database: VAR-202108-2077, VAR-202110-1677, VAR-202110-0945, VAR-202110-1610, VAR-202110-1684, VAR-202110-1513, VAR-201401-0579, VAR-202110-1622, VAR-202108-2172, VAR-202110-1512, VAR-202108-2078, VAR-202110-1620, VAR-202110-1428, VAR-202110-1621, VAR-202110-1608, VAR-202108-1057, VAR-202108-2072, VAR-202108-2122, VAR-202110-1514 Trust: 5.25 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Jan. 14, 2022, midnight	Vulnerabilities: integer overflow, use after free, memory corruption...

Affected products

External IDs

vendor:	apple	model:	ipad
vendor:	apple	model:	iphone
vendor:	apple	model:	ipad air
vendor:	apple	model:	webkit
vendor:	apple	model:	ipod touch

db:

NVD

ids:

CVE-2021-30859, CVE-2021-30823, CVE-2021-30820, CVE-2021-30818, CVE-2021-30847, CVE-2021-30842, CVE-2013-0340, CVE-2021-30846, CVE-2021-30858, CVE-2021-30843, CVE-2021-30855, CVE-2021-30849, CVE-2021-30834, CVE-2021-30848, CVE-2021-30836, CVE-2021-30860, CVE-2021-30857, CVE-2021-30852, CVE-2021-30841

GRIMM Private Vulnerability Disclosure Program Reveals Netgear SOHO Devices Vulnerability \| Business Wire Trust: 5.0 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Sept. 21, 2021, 10 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

netgear

model:

router

About the security content of iOS 15.0.2 and iPadOS 15.0.2 - Apple Support Related entries in the VARIoT vulnerabilities database: VAR-202108-2053, VAR-202108-2054, VAR-202108-2057 Trust: 5.0 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Oct. 11, 2021, midnight	Vulnerabilities: memory corruption

Affected products

External IDs

vendor:	apple	model:	ipad
vendor:	apple	model:	iphone
vendor:	apple	model:	ipad air
vendor:	apple	model:	ipod touch

db:

NVD

ids:

CVE-2021-30896, CVE-2021-30895, CVE-2021-30883

Routers, NAS and phones hacked in Pwn2Own competition Trust: 3.75 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Nov. 5, 2021, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	netgear	model:	r6700v3
vendor:	netgear	model:	router
vendor:	cisco	model:	routers
vendor:	cisco	model:	series
vendor:	cisco	model:	rv340
vendor:	cisco	model:	router
vendor:	trend micro	model:	security
vendor:	samsung	model:	mobile
vendor:	samsung	model:	printers
vendor:	samsung	model:	galaxy
vendor:	samsung	model:	samsung
vendor:	samsung	model:	samsung galaxy
vendor:	samsung	model:	mobile phones
vendor:	samsung	model:	printer
vendor:	trend	model:	security
vendor:	lexmark	model:	lexmark
vendor:	lexmark	model:	printer

Hardcoded SSH Key in Cisco Policy Suite Lets Remote Hackers Gain Root Access Related entries in the VARIoT vulnerabilities database: VAR-202111-0664 Trust: 5.5 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Nov. 5, 2021, 6:15 a.m.	Vulnerabilities: denial of service, command injection

Affected products

External IDs

vendor:	cisco	model:	cisco small business
vendor:	cisco	model:	cisco asyncos
vendor:	cisco	model:	small business series
vendor:	cisco	model:	cisco systems
vendor:	cisco	model:	small business series switches
vendor:	cisco	model:	policy suite
vendor:	cisco	model:	small business
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	asyncos
vendor:	cisco	model:	cisco policy suite
vendor:	cisco	model:	series switches
vendor:	cisco	model:	cisco email security appliance
vendor:	cisco	model:	series
vendor:	cisco	model:	email security appliance
vendor:	cisco systems	model:	cisco small business
vendor:	cisco systems	model:	cisco asyncos
vendor:	cisco systems	model:	small business series
vendor:	cisco systems	model:	cisco systems
vendor:	cisco systems	model:	small business series switches
vendor:	cisco systems	model:	policy suite
vendor:	cisco systems	model:	small business
vendor:	cisco systems	model:	catalyst
vendor:	cisco systems	model:	asyncos
vendor:	cisco systems	model:	cisco policy suite
vendor:	cisco systems	model:	series switches
vendor:	cisco systems	model:	cisco email security appliance
vendor:	cisco systems	model:	series
vendor:	cisco systems	model:	email security appliance

db:

NVD

ids:

CVE-2021-40113, CVE-2021-34795, CVE-2021-34741, CVE-2021-40119, CVE-2021-40112, CVE-2021-34739

Bluetooth vulnerabilities raise red flags about connected device security Trust: 4.75 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Sept. 9, 2021, 7:32 a.m.	Vulnerabilities: denial of service, code execution

Affected products

External IDs

vendor:

sonos

model:

sonos

Highly Critical Cisco Equipment Hijacking Vulnerabilities - Bestgamingpro Trust: 6.0 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Jan. 16, 2021, midnight	Vulnerabilities: command injection

Affected products

External IDs

vendor:	cisco	model:	policy suite
vendor:	cisco	model:	policy suite software
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	cisco policy suite
vendor:	cisco	model:	series switches
vendor:	cisco	model:	series

db:

NVD

ids:

CVE-2021-40112, CVE-2021-34795

Critical vulnerabilities expose Cisco equipment to hijacking attacks - BBC Tech Update Trust: 4.75 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Nov. 5, 2021, 1:36 p.m.	Vulnerabilities: injection attack, command injection

Affected products

External IDs

vendor:	cisco	model:	series switches
vendor:	cisco	model:	policy suite
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	series
vendor:	cisco	model:	cisco policy suite

db:

NVD

ids:

CVE-2021-40113, CVE-2021-40112, CVE-2021-34795

IT risk consultant says New World devs "should be ashamed of themselves" for code injection vulnerability - Inven Global Trust: 3.75 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Oct. 30, 2021, midnight	Vulnerabilities: code injection

Affected products	External IDs

Google Patches Android Zero-Day Exploited in Targeted Attacks \| SecurityWeek.Com Trust: 4.75 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Jan. 16, 2022, midnight	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	pixel

db:

NVD

ids:

CVE-2021-1048

ZERO-DAY VULNERABILITIES FOUND IN CANON IMAGECLASS AND HP COLOR LASERJET PRO PRINTERS AT PWN2OWN " Cyber Security Trust: 3.75 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Nov. 5, 2021, 11:27 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	samsung	model:	printers
vendor:	samsung	model:	galaxy
vendor:	samsung	model:	samsung
vendor:	samsung	model:	samsung galaxy
vendor:	sonos	model:	sonos

Schneier on Security Trust: 3.75 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Dec. 17, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

squid

model:

squid

Microsoft Techies help Apple fix critical MacOS bug \| ummid.com Related entries in the VARIoT vulnerabilities database: VAR-202108-2056 Trust: 4.0 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Nov. 1, 2021, 7:32 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	apple	model:	iphone

db:

NVD

ids:

CVE-2021-30892

Zero-day vulnerabilities found in Canon ImageCLASS and HP Color LaserJet Pro printers at Pwn2Own Trust: 3.25 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Nov. 3, 2021, 5:05 p.m.	Vulnerabilities: -

Affected products	External IDs

Source Code Security Analyzers \| NIST Trust: 4.25 Fetched: Nov. 9, 2021, 12:59 p.m., Published: March 23, 2021, 7:29 p.m.	Vulnerabilities: os command injection, request forgery, code execution...

Affected products

External IDs

vendor:	node.js	model:	node.js
vendor:	nodejs	model:	node.js
vendor:	clamav	model:	clamav

Discovering the Exploitable Security Gaps in Remote Work Spaces Trust: 5.25 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Nov. 8, 2021, midnight	Vulnerabilities: default credentials, denial of service, buffer overflow...

Affected products

External IDs

vendor:	samsung	model:	mobile devices
vendor:	samsung	model:	printer
vendor:	samsung	model:	galaxy
vendor:	samsung	model:	printers
vendor:	samsung	model:	samsung galaxy
vendor:	samsung	model:	samsung
vendor:	samsung	model:	mobile
vendor:	tp-link	model:	routers
vendor:	tp-link	model:	ac1750
vendor:	cisco	model:	routers
vendor:	cisco	model:	rv340
vendor:	cisco	model:	router
vendor:	cisco	model:	series
vendor:	trend micro	model:	security
vendor:	sonos	model:	sonos
vendor:	google	model:	google home
vendor:	google	model:	home
vendor:	trend	model:	security

CISA Warns That BrakTooth Vulnerabilities Can Now Be Exploited Trust: 4.0 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Nov. 4, 2021, 8:25 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

samsung

model:

samsung

VARIoT news about IoT security